Uber have only just disclosed that they paid off hackers to delete stolen data of 57 million users and drivers in October 2016.

Although the hacking took place in the US the UK Information Commissioner (ICO) has said they have huge concerns that UK citizens may have been affected and Uber did nothing to notify the ICO that the data breach had occurred.

Under the General Data Protection Regulation coming into force in May 2018 businesses have 72 hours to notify the ICO about a breach and face fines of up to €20 million or 4% of their annual turnover.

The Uber breach, where apparently the data was unencrypted, highlights that businesses in the UK must get their systems and procedures in shape urgently to ensure compliance by May.